The following procedure tells you how to export file execution results from a separate data group.
To export object execution results from a selected data group:
Kaspersky Threat Intelligence Portal exports up to 10,000 items from a data group.
The file containing execution results from the data group will be saved.
Default file names are represented in the table below. You can change the file name if necessary.
Default file names
Table name |
Default downloaded file name |
---|---|
Results tab |
|
Detection names |
<executed file MD5>.detection-names.json |
Triggered network rules |
<executed file MD5>.triggered-network-rules.json |
Download responses Available only for files that were downloaded from a web address. |
<executed file MD5>.download-responses.zip |
Suspicious activities |
<executed file MD5>.suspicious-activities.json |
Screenshots () |
<executed file MD5>.screenshots.zip |
System activities tab |
|
Loaded PE Images |
<executed file MD5>.loaded-pe-images.json |
File operations |
<executed file MD5>.file-operations.json |
Registry operations |
<executed file MD5>.registry-operations.json |
Process operations |
<executed file MD5>.process-operations.json |
Synchronize operations |
<executed file MD5>.synchronize-operations.json |
Extracted files tab |
|
Transferred files |
<executed file MD5>.downloaded-files.json |
Dropped files |
<executed file MD5>.dropped-files.json |
Network activities tab |
|
HTTP(S) requests DNS requests |
<executed file MD5>.network-traffic.zip (contains only network.pcap file) |
Similarity page |
|
Similarity |
<executed file MD5>_similarity.json |